From 64cc9aad73fd8f5e780be46806f85473e261862f Mon Sep 17 00:00:00 2001
From: Michael Giacomelli <giac2000@hotmail.com>
Date: Wed, 9 Dec 2020 01:05:48 -0500
Subject: Do not resize images greater than 32767 pixels in either dimension

Internally, the resizing code uses the rockbox dim structure, which uses signed shorts.

Change-Id: Ic8850e8563a9d8c0cb3cf8269e2576be9e42b45b
---
 apps/recorder/jpeg_load.c | 9 +++++++++
 1 file changed, 9 insertions(+)
 mode change 100644 => 100755 apps/recorder/jpeg_load.c

diff --git a/apps/recorder/jpeg_load.c b/apps/recorder/jpeg_load.c
old mode 100644
new mode 100755
index 16a2f4e3a3..9ab42b7a9f
--- a/apps/recorder/jpeg_load.c
+++ b/apps/recorder/jpeg_load.c
@@ -2050,6 +2050,15 @@ int clip_jpeg_fd(int fd,
     if (!(status & DHT)) /* if no Huffman table present: */
         default_huff_tbl(p_jpeg); /* use default */
     fix_headers(p_jpeg); /* derive Huffman and other lookup-tables */
+
+    /*the dim array in rockbox is limited to 2^15-1 pixels, so we cannot resize
+      images larger than this without overflowing */
+    if(p_jpeg->x_size > 32767 || p_jpeg->y_size > 32767)
+    {
+        JDEBUGF("Aborting resize of image > 32767 pixels\n");
+        return -1;
+    }
+
     src_dim.width = p_jpeg->x_size;
     src_dim.height = p_jpeg->y_size;
     if (format & FORMAT_RESIZE)
-- 
cgit v1.2.3